Chapter 2: outline 2.1 principles of network applications app architectures app requirements 2.6 P2P applications 2.7 socket programming with UDP and TCP 2.2 Web and HTTP 2.3 FTP 2.4 electronic mail SMTP, POP3, IMAP 2.5 DNS Application Layer 2-2 FTP: the file transfer protocol FTP user interface file transfer FTP client user at host local file system FTP server remote file system transfer file to/from remote host client/server model client: side that initiates transfer (either to/from remote) server: remote host ftp: RFC 959 ftp server: port 21 Application Layer 2-3 FTP: separate control, data connections FTP client contacts FTP server at port 21, using TCP client authorized over control connection client browses remote directory, sends commands over control connection when server receives file transfer command, server opens 2nd TCP data connection (for file) to client after transferring one file, server closes data connection TCP control connection, server port 21 FTP client TCP data connection, server port 20 FTP server server opens another TCP data connection to transfer another file control connection: “out of band” FTP server maintains “state”: current directory, earlier authentication Application Layer 2-4 FTP commands, responses sample commands: sent as ASCII text over control channel USER username PASS password LIST return list of file in current directory RETR filename retrieves (gets) file STOR filename stores (puts) file onto remote host sample return codes status code and phrase (as in HTTP) 331 Username OK, password required 125 data connection already open; transfer starting 425 Can’t open data connection 452 Error writing file Application Layer 2-5 Chapter 2: outline 2.1 principles of network applications app architectures app requirements 2.6 P2P applications 2.7 socket programming with UDP and TCP 2.2 Web and HTTP 2.3 FTP 2.4 electronic mail SMTP, POP3, IMAP 2.5 DNS Application Layer 2-6 Electronic mail outgoing message queue user mailbox Three major components: user agents mail servers simple mail transfer protocol: SMTP User Agent a.k.a. “mail reader” composing, editing, reading mail messages e.g., Outlook, Thunderbird, iPhone mail client outgoing, incoming messages stored on server user agent mail server user agent SMTP mail server user agent SMTP SMTP mail server user agent user agent user agent Application Layer 2-7 Electronic mail: mail servers user mailbox mail servers: mailbox contains incoming messages for user message queue of outgoing (to be sent) mail messages SMTP protocol between mail servers to send email messages client: sending mail server “server”: receiving mail server outgoing message queue user agent mail server user agent SMTP mail server user agent SMTP SMTP mail server user agent user agent user agent Application Layer 2-8 Electronic Mail: SMTP [RFC 2821] uses TCP to reliably transfer email message from client to server, port 25 direct transfer: sending server to receiving server three phases of transfer handshaking (greeting) transfer of messages closure command/response interaction (like HTTP, FTP) commands: ASCII text response: status code and phrase messages must be in 7-bit ASCII Application Layer 2-9 Scenario: Alice sends message to Bob 4) Alice’s mail server sends Alice’s message over the TCP connection 5) Bob’s mail server places the message in Bob’s mailbox 6) Bob invokes his user agent to read message 1) Alice uses UA to compose message “to” bob@someschool.edu 2) Alice’s UA sends message to her mail server; message placed in message queue 3) Alice’s mail server opens TCP connection with Bob’s mail server (acting as a client of SMTP) 1 user agent 2 mail server 3 Alice’s mail server user agent mail server 4 6 5 Bob’s mail server Application Layer 2-10 Sample SMTP interaction S: C: S: C: S: C: S: C: S: C: C: C: S: C: S: 220 hamburger.edu HELO crepes.fr 250 Hello crepes.fr, pleased to meet you MAIL FROM: <alice@crepes.fr> 250 alice@crepes.fr... Sender ok RCPT TO: <bob@hamburger.edu> 250 bob@hamburger.edu ... Recipient ok DATA 354 Enter mail, end with "." on a line by itself Do you like ketchup? How about pickles? . 250 Message accepted for delivery QUIT 221 hamburger.edu closing connection Application Layer 2-11 Try SMTP interaction for yourself: telnet servername 25 see 220 reply from server enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands above lets you send email without using email client (reader) Application Layer 2-12 SMTP: final words SMTP uses persistent connections SMTP requires message (header & body) to be in 7-bit ASCII SMTP server uses CRLF.CRLF to determine end of message comparison with HTTP: HTTP: pull SMTP: push both have ASCII command/response interaction, status codes HTTP: each object encapsulated in its own response msg SMTP: multiple objects sent in multipart msg Application Layer 2-13 Mail message format SMTP: protocol for exchanging email msgs RFC 822: standard for text message format: header lines, e.g., To: From: Subject: header blank line body different from SMTP MAIL FROM, RCPT TO: commands! Body: the “message” ASCII characters only Application Layer 2-14 Mail access protocols user agent SMTP SMTP mail access protocol user agent (e.g., POP, IMAP) sender’s mail server receiver’s mail server SMTP: delivery/storage to receiver’s server mail access protocol: retrieval from server POP: Post Office Protocol [RFC 1939]: authorization, download IMAP: Internet Mail Access Protocol [RFC 1730]: more features, including manipulation of stored msgs on server HTTP: gmail, Hotmail, Yahoo! Mail, etc. Application Layer 2-15 POP3 protocol authorization phase client commands: user: declare username pass: password server responses +OK -ERR transaction phase, client: list: list message numbers retr: retrieve message by number dele: delete quit S: C: S: C: S: +OK POP3 server ready user bob +OK pass hungry +OK user successfully logged C: S: S: S: C: S: S: C: C: S: S: C: C: S: list 1 498 2 912 . retr 1 <message 1 contents> . dele 1 retr 2 <message 1 contents> . dele 2 quit +OK POP3 server signing off on Application Layer 2-16 POP3 (more) and IMAP more about POP3 previous example uses POP3 “download and delete” mode Bob cannot re-read email if he changes client POP3 “download-andkeep”: copies of messages on different clients POP3 is stateless across sessions IMAP keeps all messages in one place: at server allows user to organize messages in folders keeps user state across sessions: names of folders and mappings between message IDs and folder name Application Layer 2-17 Chapter 2: outline 2.1 principles of network applications app architectures app requirements 2.6 P2P applications 2.7 socket programming with UDP and TCP 2.2 Web and HTTP 2.3 FTP 2.4 electronic mail SMTP, POP3, IMAP 2.5 DNS Application Layer 2-18 DNS: domain name system people: many identifiers: SSN, name, passport # Internet hosts, routers: IP address (32 bit) used for addressing datagrams “name”, e.g., www.yahoo.com used by humans Q: how to map between IP address and name, and vice versa ? Domain Name System: distributed database implemented in hierarchy of many name servers application-layer protocol: hosts, name servers communicate to resolve names (address/name translation) note: core Internet function, implemented as applicationlayer protocol complexity at network’s “edge” Application Layer 2-19 Hostname to IP address translation Example: www.chalmers.se 129.16.71.10 File may be edited on the system Unix: /etc/hosts Windows: c:\windows\system32\drivers\etc\hosts Example of an entry manually entered in the file: “129.16.20.245 fibula.ce.chalmers.se fibula” Does not scale Hard to change All hosts need one copy of the file Impossible on the Internet Alternative: DNS, a large distributed database DNS – Domain Name System 2: Application Layer 20 DNS: services, structure DNS services hostname to IP address translation host aliasing canonical, alias names mail server aliasing load distribution replicated Web servers: many IP addresses correspond to one name why not centralize DNS? single point of failure traffic volume distant centralized database maintenance A: doesn’t scale! Application Layer 2-21 DNS: a distributed, hierarchical database Top Level Domains Root DNS Servers … com DNS servers yahoo.com amazon.com DNS servers DNS servers … org DNS servers pbs.org DNS servers edu DNS servers poly.edu umass.edu DNS serversDNS servers client wants IP for www.amazon.com; 1st approx: client queries root server to find com DNS server client queries .com DNS server to get amazon.com DNS server client queries amazon.com DNS server to get IP address for www.amazon.com Application Layer 2-22 DNS: Root name servers (2009) a Verisign, Dulles, VA c Cogent, Herndon, VA (also LA) d U Maryland College Park, MD g US DoD Vienna, VA h ARL Aberdeen, MD j Verisign, k RIPE London i Netnod, Stockholm e NASA Mt View, CA f Internet Sys. consortium, Palo Alto, CA m WIDE Tokyo b USC-ISI Marina del Rey, CA l ICANN Los Angeles, CA 13 root name servers worldwide + replicas (http://www.root-servers.org) 2: Application Layer 23 TLD, authoritative servers top-level domain (TLD) servers: responsible for com, org, net, edu, aero, jobs, museums, and all top-level country domains, e.g.: uk, fr, ca, jp Network Solutions maintains servers for .com TLD Educause for .edu TLD authoritative DNS servers: organization’s own DNS server(s), providing authoritative hostname to IP mappings for organization’s named hosts can be maintained by organization or service provider Application Layer 2-24 Local Cache-only DNS server does not strictly belong to hierarchy each ISP (residential ISP, company, university) has one also called “default name server” when host makes DNS query, query is sent to its local DNS server has local cache of recent name-to-address translation pairs (but may be out of date!) acts as proxy, forwards query into hierarchy Application Layer 2-25 DNS name resolution example host at cis.poly.edu wants IP address for gaia.cs.umass.edu Local name server acts as proxy for clients Sends queries to DNS hierarchy root DNS server 2 3 TLD DNS server 4 5 local DNS server dns.poly.edu 1 8 7 6 authoritative DNS server dns.cs.umass.edu requesting host cis.poly.edu gaia.cs.umass.edu Application Layer 2-26 DNS Queries and Answers root DNS server 2 iterated query: 3 contacted server replies with name of server to contact “I don’t know this name, local DNS server dns.poly.edu but ask this server” root server always does this 1 8 recursive query: puts burden of name resolution on contacted name server heavy load at upper levels of hierarchy? iterative answer 4 TLD DNS server 7 recursive answer 6 5 authoritative DNS server dns.cs.umass.edu requesting host cis.poly.edu gaia.cs.umass.edu (normal way as above, iterative + recursive) Application Layer 2-27 DNS: caching, updating records once (any) name server learns mapping, it caches mapping cache entries timeout (disappear) after some time (TTL) TLD servers typically cached in local name servers • thus root name servers not often visited cached entries may be out-of-date (best effort name-to-address translation!) if name host changes IP address, may not be known Internet-wide until all TTLs expire update/notify mechanisms proposed IETF standard RFC 2136 Application Layer 2-28 DNS records DNS: distributed db storing resource records (RR) RR format: (name, type=A name is hostname value is IP address type=NS name is domain (e.g., foo.com) value is hostname of authoritative name server for this domain value, type, ttl) type=CNAME name is alias name for some “canonical” (the real) name www.ibm.com is really servereast.backup2.ibm.com value is canonical name type=MX value is name of mailserver associated with name Application Layer 2-29 DNS protocol, messages query and reply messages, both with same message format 2 bytes 2 bytes msg header identification: 16 bit # for query, reply to query uses same # flags: query or reply recursion desired recursion available reply is authoritative identification flags # questions # answer RRs # authority RRs # additional RRs questions (variable # of questions) answers (variable # of RRs) authority (variable # of RRs) additional info (variable # of RRs) Application Layer 2-30 DNS protocol, messages 2 bytes 2 bytes identification flags # questions # answer RRs # authority RRs # additional RRs name, type fields for a query questions (variable # of questions) RRs in response to query answers (variable # of RRs) records for authoritative servers authority (variable # of RRs) additional “helpful” info that may be used additional info (variable # of RRs) Application Layer 2-31 Inserting records into DNS example: new startup “Network Utopia” register name networkuptopia.com at DNS registrar (e.g., Network Solutions) provide names, IP addresses of authoritative name server (primary and secondary) registrar inserts two RRs into .com TLD server: (networkutopia.com, dns1.networkutopia.com, NS) (dns1.networkutopia.com, 212.212.212.1, A) Adding a new host/service to domain: Add to authoritative name server • type A record for www.networkuptopia.com • type MX record for networkutopia.com (mail) Application Layer 2-32 Attacking DNS DDoS attacks Bombard root servers with traffic Not successful to date Traffic Filtering Local DNS servers cache IPs of TLD servers, allowing root server bypass Bombard TLD servers Potentially more dangerous Redirect attacks Man-in-middle Intercept queries DNS poisoning Send bogus relies to DNS server, which caches Exploit DNS for DDoS Send queries with spoofed source address: target IP Requires amplification Application Layer 2-33 Summary application architectures client-server specific protocols: FTP SMTP, POP, IMAP DNS Application Layer 2-34